Modern technologies, such as the Internet and other electronic communication networks, allow parties to transact at a distance. Remote transactions, such as electronic commerce, have become ubiquitous. Additionally, cashless transactions, using a variety of alternative payment instruments, such as credit cards and “electronic checks,” have become increasingly common. While this modern technology has made it convenient to engage in commerce at any time or location, the use of untrusted networks such as the Internet, when combined with the increasing use of financial instruments, has provided new opportunities for fraudulent access to or misuse of sensitive data. This unauthorized access may allow, for example, the execution of fraudulent financial transactions, potentially without the knowledge of either party to a legitimate transaction. Alternatively, leakage of sensitive information may allow an eavesdropper or “hacker” to fraudulently authenticate himself to other parties, thus gaining unauthorized access to data, resources, or money. Modern networks, by the nature of the technology, may make many copies, transient or permanent, of transmitted data, therefore increasing the likelihood of unauthorized “leakage” of secret or sensitive information. Due to the distributed nature of modern digital networks such as the Internet, as well as the manner in which computers operate, it is nearly impossible to ensure that every instance of sensitive data is deleted.
One way to reduce the likelihood of fraudulent use of sensitive data is to re-engineer systems so that the data is never stored or transmitted except in a suitably scrambled form. This is typically accomplished by performing a cryptographic operation on the data, thus changing its form. If the form of the data changes extensively, entire communication networks may need to be redesigned at great expense, as various network resources assume the data to have a particular size and field arrangement. Additionally, not all data being exchanged during a transaction is sensitive, and thus encrypting all of it is a waste of computing resources. Encryption also requires the creation, distribution, and management of keys. Having to manage keys results in more complicated networks and increases the opportunities for inadvertent leakage of secrets. Encryption also requires decryption before protected data can be used. Finally, methods of encrypting data known in the art may require data to be decrypted and re-encrypted multiple times as it passes from system to system or between domains within systems.
It would be desirable to have methods and systems for enabling sensitive data fields to be transformed at the point of data entry in such a way that this transformation need only occur once, at the time of transaction data collection. It would also be desirable if such methods and systems did not require extensive re-engineering of existing networks. It would also be desirable if such methods and systems did not require the computational resources associated with cryptographic computations. It would also be desirable if such methods and systems did not require the creation, distribution, and management of cryptographic keys.
Embodiments of the invention address these problems and other problems individually and collectively.